EP2216742A1 - Mobile payment method and devices - Google Patents

Abstract

The method involves confirming payment data (15) comprising determined payment source (14.1) by inputting an identifier i.e. personal identification number (11') associated with a switching center (8). The payment data and the identifier are electronically signed by a key (16) stored on a chip module i.e. subscriber identity module card (12). The signed payment data and the identifier are transmitted to the center, and a message (17) is transmitted from the center to a payment institution (9.1) associated with the determined payment source to debit amount of money from the payment source. Independent claims are also included for the following: (1) a computer program for performing a method for paying an amount of money via a mobile terminal (2) a system for paying an amount of money.

Description

FIELD OF THE INVENTION

The present invention relates generally to methods, apparatus, systems and computer programs for electronic payment methods, and more particularly to methods, systems and computer programs for payment by wireless terminals for mobile terminals.

BACKGROUND OF THE INVENTION

Mobile payment methods are becoming more and more important as most users nowadays carry a mobile phone and they are of great practical use because, for example, cash no longer needs to be handed over. There are already some pilot projects to pay parking fees via mobile phone.

The spread of mobile phones gives the so-called mobile payment, in short M-Payment, new perspectives. Demand is high among consumers: According to a study commissioned by the German Federal Ministry of Economics and Technology, nearly half of Germans would like to use the mobile phone for payment transactions.

However, many customers are very reluctant to transmit security-related data, such as the number (s) of their credit card (s), or the secret PIN (s) of their debit card (s) via the Internet or the mobile network, even if the Transmission over a secure, encrypted connection. This reluctance to provide security-related data over the mobile or the Internet is certainly a significant limiting factor in e-commerce sales.

Since autumn 2006 motorists in Cologne can pay their parking tickets at five machines via the mobile phone-based payment system "Crandy". With this payment system, the debit is made only from a single account, which the user has to set up separately with the provider of the mobile payment method and to which he must transfer money from his conventional current account.

From the CA 2 363 220 It is known to use the SIM card of a mobile phone as a credit card in which all necessary for payment data, such as the credit card number, information about the user and a signature key are stored on the SIM card. An encrypted SMS is sent to a user's mobile phone requesting credit card payment information, information about the user, a digital signature, and a confirmation. The SIM card in the mobile phone is used as a tamper-resistant device to store information about the user, credit card information and a private key.

The WO 98/47116 relates to a telecommunication / data communication network with a service node facilitating a payment / transfer from a customer account of a customer's credit institution to a merchant account of a merchant's credit institution.

Among other things, the security of a data transmission depends on whether the recipient can verify whether, on the one hand, the message received actually originates from the person who indicates the sender (authenticity) and, on the other hand, whether the recipient can verify that the message does not change became (integrity).

The EP 1 027 784 B1 refers to a method for digitally signing a message using a mobile phone as a signing device. A secret key used for digital signing is stored on a memory unit of a chip card of the mobile phone.

The WO 03/049364 A1 discloses a method of payment via a mobile communication device comprising a message processing program module contained in a SIM card.

The EP 0 986 275 A1 discloses a method for purchasing goods and services with a mobile phone. To order a product or service from the service provider, the customer must create a cash account in the customer database.

The present invention aims to provide methods, systems and computer programs that allow debiting of preferably several already existing at banks accounts without security-relevant data on data networks (Internet, mobile phone network, etc.) must be disclosed or the user remember one or more secret PINs.

SUMMARY OF THE INVENTION

One aspect of the invention relates to a method of payment of a sum of money via a mobile terminal containing a chip module. The method includes determining a payment source on the mobile terminal, confirming payment data comprising the particular payment source by entering an identifier associated with a switching center, at least partially electronically signing the payment data and the encrypted identifier by means of a key stored on the chip module, transmitting the signed payment data and the signed, encrypted identifier to the switching center, and transmitting a message from the switching center to a payment institution belonging to the selected payment source to deduct the amount of money from the payment source.

Another aspect of the invention relates to a method of payment of a monetary amount via a mobile terminal including a chip module. The method includes inputting payment data including an indication of a payment source and an identifier associated with a central office on a mobile terminal, calculating a confirmation code based on the identifier, the payment data and a time stamp by the mobile terminal, transmitting the payment data, a character string identifying the mobile terminal and the confirmation code from a payee to the switching center, and transmitting a message from the switching center to a payment institution belonging to the selected payment source to deduct the amount of money from the payment source.

Yet another aspect of the invention relates to a computer program which is either in the form of a machine readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code. The program code is adapted to execute a method of payment of a sum of money when it is executed on a computer system used as a switching center. The method includes receiving signed payment data including a user-designated payment source, receiving a signed encrypted identifier associated with the switch center that belongs to the central office Confirmation of the payment data has been transmitted from the mobile terminal; Checking the payment data and the encrypted identifier based on the signature; Checking the decrypted identifier; and transmitting a message from the central office to a payment institution belonging to the selected payment source to debit the amount of money from the payment source.

Yet another aspect of the invention relates to a computer system for use as a switchboard on which the method of the invention can be practiced.

Yet another aspect of the invention relates to a computer program which is either in the form of a machine readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code. The program code is configured to execute a method of payment of an amount of money when executed on a mobile terminal including a chip module. The method includes enabling the user to determine a payment source and to confirm payment data comprising the particular payment source by entering an identifier associated with the central office, at least partially electronically signing the payment data and the signed encrypted identifier using a key stored on the chip module , and transmitting the signed payment data and the signed encrypted identifier to the central office.

Yet another aspect of the invention relates to a mobile terminal on which the method according to the invention can be carried out.

Yet another aspect of the invention relates to a replaceable chip module on which the above computer program is stored and which is adapted to carry out the method according to the invention.

Finally, a final aspect of the invention relates to a system for payment of a sum of money, comprising a switching center and a mobile terminal containing a chip module. The mobile terminal is adapted to allow the user to designate a payment source and to confirm payment data comprising the particular payment source by entering an identifier associated with the central office, at least partially signing the payment data and the encrypted identifier by means of a key stored on the chip module, and the signed payment data and the signed, to transmit encrypted identifier to the central office. The switching center is adapted to transmit a message from the switching center to a payment institution belonging to the selected payment source, to debit the amount of money from the payment source.

Other features are inherent in the disclosed methods and apparatus or will be apparent to those skilled in the art from the following detailed description of embodiments and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

• Fig. 1 zeigt ein System zur Zahlung eines Geldbetrags über ein eine SIM-Karte enthaltendes Mobiltelefon an einen Empfänger, gemäß einer ersten Variante der Erfindung;
• Fig. 2 zeigt einen Zahlungsvorgang in einem Online-Shop aus Sicht eines Kunden (mit SMS) gemäß der ersten Variante der Erfindung;
• Fig. 3 zeigt einen vollständigen Ablauf einer Online-Zahlung gemäß der ersten Variante der Erfindung;
• Fig. 4 zeigt einen Ablauf einer Zahlung unter Privatpersonen (Peer-to-Peer Zahlung) gemäß einer zweiten Variante der Erfindung;
• Fig. 5 zeigt einen vollständigen Ablauf einer Zahlung unter Privatpersonen (Peer-to-Peer Zahlung) gemäß der zweiten Variante der Erfindung;
• Fig. 6 zeigt einen Ablauf einer Peer-to-Cash Zahlung an eine Privatperson gemäß einer dritten Variante der Erfindung;
• Fig. 7 zeigt einen vollständigen Ablauf einer Peer-to-Cash Zahlung an eine Privatperson (Peer-to-Cash Zahlung) gemäß der dritten Variante der Erfindung;
• Fig. 8 zeigt einen Zahlungsvorgang an einem Verkaufspunkt (Point of Sale, POS) aus Sicht eines Kunden gemäß einer vierten Variante der Erfindung;
• Fig. 9 zeigt einen Zahlungsvorgang am Verkaufspunkt (Point of Sale) aus Sicht des Händlers gemäß der vierten Variante der Erfindung;
• Fig. 10 zeigt einen vollständigen Ablauf einer Zahlung am Verkaufspunkt gemäß der vierten Variante der Erfindung;
• Fig. 11 zeigt einen Zahlungsvorgang in einem Online-Shop (ohne SMS) gemäß einer fünften Variante der Erfindung;
• Fig. 12 zeigt einen Zahlungsvorgang in einem Online-Shop (ohne SMS) gemäß der fünften Variante der Erfindung;
• Fig. 13 ist eine diagrammartige Darstellung einer Ausführungsform eines Computersystems, das die Funktionalität einer Vermittlungszentrale aufweist.

Embodiments of the invention will now be described by way of example and with reference to the accompanying drawings, in which:

• Fig. 1 shows a system for the payment of a sum of money via a mobile phone containing a SIM card to a receiver, according to a first variant of the invention;
• Fig. 2 shows a payment process in an online shop from the perspective of a customer (with SMS) according to the first variant of the invention;
• Fig. 3 shows a complete flow of an online payment according to the first variant of the invention;
• Fig. 4 shows a sequence of a payment among individuals (peer-to-peer payment) according to a second variant of the invention;
• Fig. 5 shows a complete process of a payment among individuals (peer-to-peer payment) according to the second variant of the invention;
• Fig. 6 shows a flow of a peer-to-cash payment to a private individual according to a third variant of the invention;
• Fig. 7 shows a complete process of a peer-to-cash payment to a private person (peer-to-cash payment) according to the third variant of the invention;
• Fig. 8 shows a payment process at a point of sale (POS) from the perspective of a customer according to a fourth variant of the invention;
• Fig. 9 shows a payment transaction at the point of sale from the perspective of the dealer according to the fourth variant of the invention;
• Fig. 10 shows a complete process of a payment at the point of sale according to the fourth variant of the invention;
• Fig. 11 shows a payment transaction in an online shop (without SMS) according to a fifth variant of the invention;
• Fig. 12 shows a payment transaction in an online shop (without SMS) according to the fifth variant of the invention;
• Fig. 13 Figure 4 is a diagrammatic representation of one embodiment of a computer system having the functionality of a central office.

The drawings and the description of the drawings relate to embodiments of the invention and not to the invention itself.

DESCRIPTION OF PREFERRED EMBODIMENTS

Fig. 1 shows a system for payment of an amount via a mobile phone containing a SIM card to a recipient. Before, however, closer to the description of Fig. 1 Some aspects of the various exemplary embodiments of the invention will be discussed.

Some of the embodiments of the invention relate to a method of payment of money via a mobile terminal including a chip module, comprising: determining a payment source from a plurality of payment sources on the mobile terminal, confirming payment data comprising the particular payment source by entering a number belonging to a switching center Identifying, electronically signing the payment data and the encrypted identifier by means of a key stored on the chip module, transmitting the signed payment data and the signed encrypted identifier to the central office, and transmitting a message from the central office to a payment institution belonging to the selected payment source to debit the payment source.

The invention also relates to a computer program for a switching center, a computer program for a mobile terminal, and to the switching center, the mobile terminal and the chip module itself.

The invention also relates to a distributed system of mobile terminal and switching center on which the above method for payment of a sum of money proceeds, the method being partly carried out on the mobile terminal and partly on the switching center.

The method, in one embodiment, allows access to multiple payment sources, i. Credit cards, accounts, etc., without that security-related information regarding these payment sources (credit card numbers, etc.) are transmitted via the mobile network or stored on a terminal. The only information that the user needs to know is the secret identifier, e.g. a PIN assigned to him by the central office. This identifier belonging to the switching center authorizes or authenticates the user to the switching center. In embodiments of the invention, the identifier has the function in the manner of a password. By entering the identifier, the user confirms the payment data, in particular the selected payment source. Payment data also includes the price to pay and the recipient for whom the payment amount is ultimately intended.

In embodiments of the invention, the identifier is a PIN in the form of a character string. The knowledge of the PIN distinguishes the user as the authorized person at the switching center and releases the payment. In order to be able to process a payment via various payment institutions, ie, for example, credit institutions, etc., the user only has to memorize a single secret identifier, for example the PIN belonging to the switching center (in contrast to the SIM card PIN, which is used for authentication when switching on of the mobile phone) and he must have the mobile terminal, such as a mobile phone, physically available. The process is based on the fact that no new accounts, credit cards, etc. must be set up, but that the customer can continue to use his existing accounts, etc. for payment. The PIN is only transmitted in encrypted form ("transmitting ... the encrypted identifier") to the central office. Cryptosystems with public keys (public-key cryptosystems), such as the RSA method, are suitable for encrypting the PIN. The encryption takes place in the mobile phone with a public key of the switching center. After the switching center has received the encrypted PIN, it decrypts the PIN by means of the private key belonging to the public key and can look in a directory as to whether that PIN belongs to the user registered with the switching center. However, symmetric encryption methods (eg DES) are also conceivable for the encryption of the PIN, but this requires secrecy of the same, secret key on both sides. The to PIN associated with the central office authenticates the user to the central office.

In the context of embodiments of this invention, the term "mobile terminal" generally refers to non-stationary devices equipped for wireless communication with another subscriber (device), for example, via a cellular network, e.g. GSM, GPRS or UMTS, data communicate and can therefore be used anywhere. This term includes not only mobile phones but also portable computers with wireless or WLAN function or multifunction devices with features such as mobile, IP telephony, clock, camera, MP3 player, navigation device, game console, etc. For the latter devices has become the name smartphone (eg Blackberrys) or PDA-Phone enforced. A smartphone is a combination of a mobile phone with a personal digital assistant (PDA). Most smartphones have a keyboard and are like a regular mobile phone in the hand. Smartphones usually have a third-party operating system. It allows the user to install programs themselves at will. In contrast, mobile phones - in the narrow, original sense - usually have only a predefined program interface, which is limited, eg. B. can be extended by Java applications. Smartphones, unlike ordinary cell phones, can have a pressure-sensitive screen (touch screen) that allows manual entry with a finger or special stylus. Furthermore, the term "mobile terminal" in the present case but also a pure data radio modem for use in a e.g. Wi-Fi enabled notebook capture.

In a further embodiment, the mobile terminal is an independent payment terminal, which is used exclusively for carrying out the mobile payment according to the invention. A "chip module" in the exemplary embodiments of the invention is understood to mean an exchangeable chip or memory card or a permanently installed hardware storage module for subscriber-identifying data, e.g. for identifying the user in a network, such as a mobile network.

In a further embodiment, a chip module is a subscriber-identifying memory card, for example a SIM card (Subscriber Identity Module), which serves to identify the user in a mobile radio network. The SIM module generally represents, in addition to a mobile terminal, the second subscriber-identifying unit of the mobile station in a mobile radio network, such as GSM network, GPRS network, UMTS network, WCDMA network, etc. In UMTS networks, the SIM is Card is also commonly referred to as Universal Integrated Circuit Card (UICC). The function is the same. Furthermore, the term chip module in the present case also includes, for example, an R-UIM (Removable User Identity Module). This is a card designed for CDMA mobile devices that extends the GSM SIM card to CDMA devices and networks. A mobile station is the mobile terminal in the network.

In another embodiment, a chip module includes a processor and data storage and is protected by a changeable personal identification number (PIN) against unauthorized use. By the chip module, the mobile terminal is assigned to a user and this authenticated. For this purpose, secret numbers and algorithms are stored on the chip module. In the case of connections, these also serve to encrypt the voice and signaling data (enciphering).

With an exchangeable chip card, e.g. In a SIM card, mobile service providers provide subscribers with mobile phone connections and data ports. The chip card is protected by a changeable PIN (not the PIN of the switching center!) Against unauthorized use. It also serves to store temporary network-related data and preferred and blocked networks. In addition, a telephone and notebook, memory for short message service messages (SMS) and memory of the last-called telephone numbers can be integrated in the smart card. For example, a SIM card includes an I / O unit that controls access to the SIM card. It is the interface of the CPU of the SIM card to the mobile terminal. The CPU is mainly used for memory management, but it can also run small programs. The memory consists of a ROM, a RAM and only EEPROM. The operating system of the card is stored in the ROM. The RAM contains the data just used, it is volatile. User data is stored in the EEPROM. There, secret keys can also be stored, which are used for a signature and an encryption of the data to be transmitted.

Chip modules of the aforementioned type are suitable for storing a secret key, since their memory can not be easily read, so that the keys can be safely stored there. An EEPROM is an Electrically Erasable Programmable Read-Only Memory.

Preferably, the key for signing (a public and private key pair) in some embodiments is stored on the chip module, e.g. a SIM card itself created so that the private key must never leave the chip module. The public key is forwarded to the central office which checks the signatures received later. A change of the key is possible at any time. The chip module would have to generate only new key pairs and transmit the public key to the central office.

In other embodiments, the keys are generated externally if the chip module is e.g. the SIM does not support key generation. However, these embodiments are less advantageous because the transmission of the key to the chip module is fraught with security deficiencies.

Preferably, the part of the process running on the mobile terminal is completely covered by the chip module, e.g. the SIM card. This provides better protection against Trojans / viruses.

In other embodiments, the method runs on the processor of the mobile terminal, with only the encryption / signing of the chip module e.g. the SIM card is performed. Since the private key must never leave the SIM card, the signing can not be performed by the processor of the mobile phone.

For example, in the context of the present invention, an identifier is a PIN (Personal Identification Number), i. a number known only to one person (usually the owner of the mobile phone) with which it can authenticate itself to the central office. In the original sense, a PIN consists only of digits; in this document, a PIN (identifier) can be any string of a given minimum length.

It should be noted that the PIN associated with the switching center is not the PIN that the user of a mobile telephone usually enters in order to register with the network, but rather a PIN sent from the central office or the operator of the central office User is output.

The term "electronic signature" was first used by the European Commission in a revised draft of the EU Directive 1999/93 / EC in order not to link the legal regulations to a particular technology (i.e., cryptographic signature methods). The directive and the national signature laws of the member states based on it deliberately take the term very broadly: Electronic signatures are data in electronic form, which are attached to other electronic data or logically linked to it and which are used for authentication. In this sense, the term is also considered in the context of the present invention. The definition of electronic signatures therefore encompasses not only "digital signatures" but also other methods not based on cryptographic methods or on digital certificates.

In addition to the authenticity of the data, electronic signatures preferably also allow the integrity of the data to be checked (advanced electronic signatures). However, only electronic signatures based on digital signatures currently meet these requirements.

A digital signature is a cryptographic method in which a number (the digital signature) is calculated for a "message" (i.e., any data) whose authorship and affiliation to the message can be checked by anyone. Digital signatures are usually based on asymmetric cryptosystems and thus use a key pair consisting of a private (secret) and a public (non-secret) key. These keys are often referred to as a private signature key and public signature verification key. Often you can find the English names Private Key and Public Key.

From the data to be signed and the private signature key, the signature is calculated by a unique calculation rule. Certain data must almost certainly lead to another signature, and the signature must yield a different value for each key.

For a digital signature, the private key is typically not applied directly to the message, but to its hash value, which is calculated from the message using a hash function (such as SHA-1). To prevent attacks, this hash function must be collision-resistant, meaning that it must be virtually impossible to find two messages whose hash value is identical.

With digital signatures, it should be virtually impossible to falsify or falsify a signature, or to generate a second message for which this signature is also valid. This assumes that the private key can not be calculated from the public key.

Digital signatures, that is electronic signatures, are usually realized with the aid of so-called public-key methods. By far the best known and most widely used digital signature method is RSA. The security of RSA is based on the difficulty of breaking down large numbers into their prime factors (factorization).

The Elgamal cryptosystem is an encryption scheme based on the mathematical problem of the discrete logarithm. Elgamal is an asymmetric encryption algorithm based on the idea of the Diffie-Hellman algorithm, which works with these discrete logarithms. Elgamal can be used for both signature generation and encryption. The security of the Elgamal cryptosystem is based on the assumption that discrete logarithms are a trapdoor one-way function.

Another important method of digital signing is the Digital Signature Algorithm (DSA), a US government standard for digital signatures.

To sign a message, the sender encrypts it with its own private key. To verify, the recipient decrypts the message with the sender's public key and compares it to the additionally transmitted unencrypted message K. If they match, the signature is valid and the recipient can be sure that the person who signed the document also uses the private key and that no one has changed the document since signing. It guarantees integrity and authenticity, provided that the private key has really remained secret.

Since asymmetric methods are not suitable for processing larger amounts of data, in practice the message itself is not encrypted with the private key, but instead a hash value of the message is calculated. This then forms (usually together with some technically necessary information, such as the specification of the hash method used) the input for an encryption with the private key, the result of which is then the actual signature. The receiver can use the signature thus obtained with the decrypt the public key, thus preserving the hash value of the original message. Then he himself can determine the hash value of the message submitted to him and compare it with the hash value calculated by means of the public key. If the two hash values match, it is highly probable that the message was transmitted without error and is not fake.

For a more detailed discussion of public-key signature processes, especially their mathematical foundations, let's look at Dietmar Wätjen " Cryptography - Basis, Algorithms, Protocols ", 2nd edition, 2008, Spektrum Verlag, pages 65-130 directed.

By using a secure electronic signature, which is considered legally binding in the country of use, payment is made legally binding. This can avoid later denying or contesting the payment, which is of great benefit to the merchant, as he does not have to repay received cash payments.

The term "source of payment" in the sense of this application comprises an account checking account, deposit etc. at a payment institution, in particular credit card organization. The term may also refer to a credit card or credit card number or debit card (EC card), which in turn is associated with an account.

In the context of the present invention, the term "payment institution" includes any companies that manage accounts and payment transactions (debits / credits) between accounts, in particular credit institutions. In particular, credit card organizations, which either manage their own accounts or cooperate with other banks that then manage accounts, are also covered by the term.

The switching center is preferably a Trusted Third Party (TTP), which is a third party trusting two parties (here the customer / user and the payee). The use of TTPs requires that they are extremely well secured against unauthorized access from the outside. The payment institutions participating in the payment procedure are provided with certification and regular control of the switching center.

In some embodiments, the switching center is a computer system in the sense of one or more server (server farm) or data center that processes and forwards the incoming data. A server farm is a group of similar, networked server hosts that are connected to a logical system. It optimizes the internal processes by distributing the workload between the individual servers and accelerates the computer processes by exploiting the power of several servers.

A computer program runs on the server, which controls the server accordingly, in order to ensure a smooth procedure of the payment procedure. In addition, the central office can do even more tasks that can not be done by one or more servers, so understood by the term "switching center" in the broad sense, the operator of the switching center (central office organization, central office) and the associated staff including the building can be. In the embodiments of the present invention, the switching center has the task of processing the payment between the customers involved, the merchant and the banks, and does not itself make a transfer or payment of money.

The security concept of embodiments of the present invention is based on the following principles. To make a payment, the user needs, for example, his mobile phone and his ID or PIN. As already described above, this is not the PIN by means of which the user authenticates himself when the mobile phone is switched on to the SIM card, but rather a PIN issued by the switching center. This PIN is not stored on the mobile phone and is only transmitted in encrypted form. A transmission from the mobile telephone to the central office is more secure than a transmission from a landline computer, since a wireless connection can be tapped worse than a landline connection. A stolen mobile phone is worthless without a PIN, and a learned PIN is worthless without the mobile phone. Further, once the user uses this payment method, he only needs to remember the PIN associated with the central office (issued by the central office) and can forget the PINs of his debit and credit cards because he no longer needs them. In other words, the PIN issued by the switching center replaces the access data (authentication data) of the credit institutions existing payment sources so that the user no longer needs them. On the SIM card no secret access data / authentication data (such as credit card number, EC PIN) are stored with regard to the payment sources or information about the user, but only a signature key.

In the event that the mobile phone is not stolen but someone, for example, spy on all data from the mobile phone via a Trojan or a Bluetooth vulnerability, the method offers the advantage that a secret key is stored on the SIM card which is not read out can be used only as a key to cryptographic authentication. This is analogous to the method the user performs to log in to a cellular network.

Not all currently existing SIM cards allow the storage of a secret key, so the method depends on the publishers of SIM cards offering SIM cards with the appropriate functionality.

The SIM cards used must have sufficient capabilities to create, store or use the required cryptographic keys. Suitable cards already exist.

The central office acts as a switching system for secure credit and debit card payments. The actual payment is made directly via the payment institutions / credit institutions. The security concept is based on a digital signature with a hardware key on the SIM card in conjunction with a PIN belonging to the switching center. Since no sensitive / security-relevant data are transmitted, a complete spying would have no consequences.

1. 1. Zahlung über das Internet in Online-Shops (mit SMS)
2. 2. Sogenannte Peer-to-Peer-Zahlungen, d.h. Zahlungen zwischen gleichgestellten Personen, also zum Beispiel Privatpersonen
3. 3. Sogenannte Peer-to-Cash-Zahlungen, d.h. Bargeld-Transaktionen
4. 4. Zahlungen am Point of Sale, also Ladengeschäften, Gaststätten, Tankstellen etc. und
5. 5. Zahlung über das Internet in Online-Shops (ohne SMS)

The method presented in this application offers the possibility of credit and debit card payment via the mobile phone. The method can be used in the following variants:

1. 1. Payment via the Internet in online shops (with SMS)
2. 2. So-called peer-to-peer payments, ie payments between peers, such as individuals
3. 3. So-called peer-to-cash payments, ie cash transactions
4. 4. Payments at the point of sale, ie shops, restaurants, petrol stations etc. and
5. 5. Payment via the Internet in online shops (without SMS)

In some embodiments of the invention, the system uses the already existing credit or debit cards. The actual payment remains a pure card payment, so that the switching center takes over only a mediator function. The payment stream does not go through the central office.

The payment process is safer than paying with a conventional credit card, both in terms of potential card-reading and in the event of loss. The payment procedure is just as quick or faster to process than payment with a conventional credit or debit card. A credit card is a card used to pay for goods and services. It can be used worldwide, both in real daily business and private life as well as in electronic commerce. It is either issued by banks in cooperation with credit card organizations, or directly by the credit card organization.

EC (Electronic Cash) is the debit card system of the Central Credit Committee, the representation of the leading German financial sector associations. With Electronic Cash, a card payment is made by entering a PIN at a terminal.

A debit card is a bank card that can be used to make cashless payments or cash withdrawals at ATMs. Unlike credit cards, the current account of the cardholder is charged immediately or within a few days after purchase.

The payment procedure also offers the integration of existing customer loyalty and information programs as well as the creation of a superordinate customer information program.

In some embodiments of the invention, determining a payment source includes selecting a payment source from multiple payment sources.

In some embodiments of the invention, in addition to the identifier, another authentication mechanism, such as checking the iris, the fingerprint, etc., is used.

In some embodiments of the invention, the payment institution comprises a credit institution, a credit card organization, or a bank.

In some embodiments of the invention, the plurality of selectable payment sources include multiple accounts or multiple credit cards of a customer.

In some embodiments of the invention, the payment data is encrypted in addition to the PIN. For this purpose, an "encryption key" is located on the SIM card next to the signature key. Like signature generation, encryption is preferably based on public-key cryptosystems.

In some embodiments of the invention, the payment data is non-confidential payment data. This includes essentially all information except the PIN, which according to the invention represents a secret information to be kept. This means that confidential payment information, such as the credit card number, is not transmitted to the central office.

In some embodiments of the invention, the PIN is issued by the central office (or central office operator). The output can be made in particular by the fact that the customer receives his PIN by post in a letter.

In some embodiments of the invention, the key stored on the SIM card is a private key and the switching center has the associated public key to verify the signature

In some embodiments of the invention, the method includes crediting the amount of money to the recipient of the payment. In addition, in some of these embodiments, the recipient of the payment receives confirmation of payment from the central office.

In other embodiments of the invention, the payment source is an indication of an account at a payment institution, for example, a bank or credit card organization, or a credit card number.

In some embodiments of the invention, the central office is a trusted third party. The trustworthiness of the central office is of great importance, since all parties participating in the payment process (customers, merchants, credit institutions) must trust the central office as it instructs the credit institutions to transfer funds.

In some embodiments of the invention, the payment data and the identifier (PIN) are checked based on the electronic signature in the central office.

In some embodiments, the PIN is checked (in decrypted form). This process refers to checking if the received PIN is too belongs to a person who is registered in the central office as a participant in the payment method.

In some embodiments, the user selects a payment source via a selection menu displayed on the display of his mobile phone.

In some embodiments of the invention, a user may select only among those payment sources that a payee accepts for a given payment. In these embodiments, the user is shown only those accounts / credit cards, etc. on the display of his mobile phone, which he can use for payment to a corresponding merchant or payee. This may be required if the payee does not accept all the credit cards the user has registered with the payment system.

In some embodiments, the signed payment data and the signed, encrypted PIN are transmitted along with a time stamp to the central office.

In some embodiments, the transmission to the central office occurs via an IP connection. In principle, however, any type of data connection is conceivable, such as e.g. SMS or e-mail.

1st variant: Payment via the Internet in the online shop (with SMS):

In some embodiments of the invention, the payment method is used in an online shop. First, the user enters on a web page, usually the website of the online shop, a mobile terminal identifying string in an input mask (input interface). The string is transmitted to the recipient of the money. The mobile phone of the user then receives relevant payment data from the central office via SMS, Bluetooth, NFC, (Near Field Communication, see below) or IP data transmission. In some embodiments of this variant, if the user has multiple payment sources available in the system, he is able to choose between the payment sources. The user confirms the payment by entering the identifier belonging to the switching center. The dealer of the online shop receives confirmation from the central office about the successful payment and shows this to the customer.

In some embodiments of the invention, the user enters an anonymous identification string instead of the phone number of his cellphone.

No credit card information is provided to the merchant or over the internet. Furthermore, no security-relevant data must be entered on the PC, so even Trojans and viruses can not spy out any credit card information. A safe shopping, even from Internet cafes or other foreign PCs is easily possible. In addition, the customer does not have to worry about each Internet offer again about whether the respective dealer is to be trusted. Furthermore, the entire online processing can be done on the website of the dealer. Another advantage for the merchant is that he does not have to take any special security precautions for credit card processing. In addition, no responsibility for the storage of credit card data must be assumed.

A payment can only be made by anyone who knows both PIN and possessed e.g. a mobile phone is. On the mobile phone (especially on the SIM card) no payment or card data or PINs are stored.

As described above, the SIM card stores a private key to sign transactions. It serves as proof that the payer / user is also the owner of the phone. A readout - e.g. through Trojans or viruses - is technically impossible. This is an advantage of storing secret keys on the SIM card of the mobile phone. Even the dealer will not be sent card data, but this will be transferred directly to the bank. The dealer only gets a payment confirmation.

2nd variant: Peer-to-peer payment

Some embodiments of the invention relate to a peer-to-peer payment. In this case, a sum of money is not transferred to an online retailer, but another private person. The payee in these embodiments is a person having a second mobile phone, ie, a person other than the payer who also owns a mobile phone. In these embodiments, the method further comprises inputting a character string identifying the second mobile terminal into the (first) mobile telephone. As described above, the user then selects one payment source from several Payment sources. It confirms the payment data, which include the indication of the selected payment source, by means of a PIN belonging to a switching center. Then the payment data and the encrypted PIN are signed by means of the secret key stored on the SIM card. The encryption of the PIN can also be done by a key stored on the SIM card. Subsequently, these signed data are transmitted to the central office. The central office checks the payment data and PIN using the digital signature. The switching center in turn transmits a message to the selected payment source or a bank belonging to the selected payment source to transfer the amount of money to the recipient. Thereafter, the payee optionally receives a confirmation by SMS that the money has been credited to his account.

3rd variant: peer-to-cash

This variant can be considered as a sub-variant of the 2nd variant. In this variant, the money is not transferred to the recipient, but the recipient can take the cash in cash.

In some embodiments of the invention, the cash amount is to be paid in cash to the recipient. In these embodiments, the method begins again with the user entering a character string identifying the second mobile terminal into his mobile phone. Afterwards he has the possibility to determine a payment source, from which the amount of money should be transferred. He confirms the payment data by entering his belonging to the switching center identifier. Subsequently, the payment data including the identifier is signed with a public key signature and transmitted to the central office. There, the data is checked by means of the identifier and the signature. The recipient receives via SMS or IP transmission a visible on the display of his mobile phone, machine-readable pattern (eg, a barcode). With this barcode, he can contact a dealer (payee) who has a cash register system with a scanner that can read the barcode. After the barcode has been scanned, the cash amount is paid in cash to the recipient. Then the amount of money is credited to the dealer (payee).

In some embodiments of the invention, the user may also have the cash paid out to himself. In these embodiments, the first mobile terminal and the second mobile terminal are identical and the user inputs his own telephone number.

4th variant: payment at the point of sale

In some embodiments of the invention, the method relates to payments at the point of sale - ie in department stores, gas stations, etc. The customer does not need to present a credit or debit card, but the payment process is handled exclusively on the mobile phone. The used POS system must be connected or integrated with the central office. The wireless Bluetooth or NFC technology is used for free communication between the mobile phone and the POS system - and via this with the central office.

In these embodiments, communicating the signed payment data and the encrypted signed identifier to the central office involves transmitting the signed payment data and the signed encrypted identifier to the recipient via a Bluetooth or NFC connection and then transmitting the encrypted data packet (payment data and Identifier) from the receiver to a central office.

Bluetooth is an industry standard compliant with IEEE 802.15.1 for wireless networking of devices over short distances. Bluetooth forms the interface through which both small mobile devices such as mobile phones and PDAs as well as computers and peripherals can communicate with each other. The main purpose of Bluetooth is to replace cable connections between devices.

In some embodiments of the invention, the method further comprises activating a payment mode on the mobile phone, displaying a Bluetooth or NFC identifier as a machine-readable pattern (eg, bar code) in the display of the mobile terminal. Then, the barcode is scanned by a scanner of the receiver and transmitting payment data to the mobile phone via a Bluetooth connection. In other embodiments, the NFC (Near Field Communication) standard is used instead of the Bluetooth technology. NFC is a transmission standard for the contactless exchange of data over short distances. NFC enables the exchange of various information, such as: For example, phone numbers, pictures, MP3 files, or digital permissions between two devices that are held close together. A primary application of NFC concerns mobile payment methods. Users can pay by mobile phone by holding it close to a payment terminal (POS system).

In some of these embodiments, the recipient is a merchant and the mobile is in the vicinity of a merchant's POS system when paying.

The embodiments that are suitable for use at the point of sale offer increased security. Card data will not be shared with third parties (including dealers). The user no longer has to take credit cards with them. The user has a clear cost control. Another advantage is that the customer no longer has to rely on third-party input devices. The risk of manipulated card terminals is eliminated.

5th variant: offline payment (without data connection or SMS)

Some embodiments of the invention relate to a method of paying a cash amount via a mobile terminal containing a chip module to a recipient. The method includes entering payment data including an indication of a payment source and an identifier associated with a switching center on a mobile terminal. Then, a confirmation code is calculated on the basis of the identifier, the payment data and a time stamp by the mobile terminal. The payment data, a character string identifying the mobile terminal and the confirmation code are conveyed by a payee to the central office. Finally, a message is transmitted from the central office to a payment institution that belongs to the selected payment source or that is the selected payment source to debit the amount of money from the payment source.

In some of the embodiments of this variant, the payee is an online store.

In some embodiments, the user selects one of several possible payment sources. The sources of payment represent the accounts, depots etc. available to the user.

In some of these embodiments, upon receipt of the payment data, the mobile terminal identifying string, and the confirmation code by the central office, the payment data and the confirmation code are checked by the central office.

In some embodiments, the verification code is a hash (e.g., MD5 or SHA1) about the payment data (merchant, amount, currency, credit card), date / time, and additionally a secret shared with the central office (Salt). The calculated hash is then converted into a "user-friendly" string. In this case, a compromise between sufficient cryptographic view length and reasonable for the user to find a length. (Basically, a second hash over the first one, the result of which is easy for a user to read and enter.)

In some embodiments of the invention, acknowledgment of payment to the recipient by the central office takes place at the end.

In some embodiments of the invention, the payment data is non-confidential payment data that may be transmitted without security risk.

In some embodiments of the invention, the identifier is output from the central office to a user.

In some embodiments of the invention, the payment source includes an indication of a credit institution, a credit card, a credit card organization, a debit card, or an account.

In some embodiments of the invention, the switching center is a trusted third party.

Some embodiments relate to a computer program that is either in the form of a machine readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code, the program code being arranged, a method of payment of an amount of money when executed on a computer system used as a switching center, the method comprising: receiving signed payment data comprising a user-designated payment source, receiving one to the central office belonging, encrypted identifier, which was transmitted to confirm the payment data from the mobile terminal; Checking the payment data and the encrypted identifier based on the electronic signature on their authenticity; Checking the decrypted identifier, and transmitting a message to the selected payment source or a payment institution belonging to the particular payment source, to debit the payment amount from the payment source.

Other embodiments of the invention relate to a computer system for use as a switchboard on which the above computer program is installed.

Some embodiments of the invention relate to a computer program which is either in the form of a machine readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code wherein the program code is adapted to a method to execute payment of an amount of money when executed on a mobile terminal including a chip module, the method comprising: enabling the user to determine a payment source, allowing the user to enter payment data comprising the particular payment source by entering a number belonging to the switching center To confirm identification, electronically signing the payment data and the signed, encrypted identifier by means of a key stored on the chip module, and transmitting the signed payment data and the signed, encrypted identifier to the switching center.

The customer (user) loads the computer program onto his mobile phone as follows. Smartphones, especially Blackberrys, bring with them from home a function for data exchange, so it does not need to be discussed in detail. The computer program, which is offered online, for example, is loaded on a PC. If both PC and mobile phone have an infrared or Bluetooth interface, the program file can be played over it on the mobile phone. Furthermore, the program file can be moved from the PC to the mobile phone with a data cable suitable for the mobile phone. The computer program can also be downloaded directly from the website to the mobile phone, without the intermediate step from the PC to the mobile phone.

Yet other embodiments of the invention relate to a mobile terminal on which the computer program is installed.

However, the computer program may also be purchased in the form of a chip module (e.g., SIM card) and inserted into a mobile terminal so that it will not require installation by the user. For security reasons, this solution is to be preferred. Therefore, some embodiments of the invention relate to a chip module on which the computer program is stored and which is designed to execute the computer program.

Some embodiments relate to a system for paying a monetary amount. The system comprises a switching center and a mobile terminal containing a chip module. The mobile terminal is adapted to allow the user to specify a payment source and to confirm the payment data comprising the particular payment source by entering an identifier associated with the switching center. The payment data and the encrypted identifier are signed by means of a key stored from the chip module, and the signed payment data and the signed, encrypted identifier are transmitted to the switching center. The switching center is adapted to transmit a message from the switching center to a payment institution belonging to the particular payment source, to debit the amount of money from the payment source.

Some implementations of the computer program (computer program product) with program code for carrying out the described methods include any machine-readable medium capable of storing or encoding the program code. Accordingly, the term "machine-readable medium" is to be construed to include, for example, fixed storage and removable and non-removable optical and magnetic storage media. In other embodiments, the computer program is in the form of a propagated signal that includes a representation of the program code, which is becoming increasingly the usual way to distribute software. The signal is carried, for example, on an electromagnetic wave, eg via a copper cable or transmitted over the air, or a light wave transmitted through an optical fiber. The program code may be machine code or other code that can be converted to machine code, such as source code in a general purpose programming language, eg, C, C ++, Java, C #, etc. The embodiments of a computer system may be commercially available general purpose computers compatible with the Program code are programmed.

Of course, it is possible to combine one or more of the features presented in connection with one of the variants of the invention with another variant, so that hybrid forms ("hybrid variants") result. (This applies in particular to features of the dependent claims which have been assigned to a variant.) These mixed forms of the variants are hereby likewise disclosed.

Turning now to the embodiment of Fig. 1 back, so you see there a user 1, who is currently visiting the website 2 of an online store 3 over the Internet. The online shop 3 is a web application that the server 4 of a merchant 5 provides to the user 1 via the Internet. In an input mask 6 of the online shop, the user 1 is shown the amount that he has to pay for a purchased product. The user 1 then enters into the input mask 6, the phone number of his mobile phone 7 and then receives from a central office 8, the relevant payment data 15 (such as amount, purchased product, name of the merchant, etc.) sent by SMS to his mobile phone 7. There he can check the payment data 15 in the display 10 of his mobile phone 7 and can also select a payment menu 14 a payment source 14.1, 14.2. In the present case, the user 1 has two payment sources 14.1 and 14.2 available. A credit card that runs through an account 14.1 at the credit institution KI_1 9.1 and an account at the credit institution Kl_2, to which it has access via debit card. The user 1 selects one of the payment sources 14.1, 14.2 displayed in the display 10 selection menu 13 of his mobile phone 7 and confirms this and the remaining payment data 15 by entering a PIN 11, which was communicated to him by the switching center 8.

In this case, the user 1 in the selection menu 13 of his mobile phone 7 all his credit cards / accounts at various banks 9.1, 9.2 displayed, from which he can carry out the debiting of a sum and he has registered for use by the payment system at the central office 8. As mentioned above, in some embodiments, selecting occurs via a select menu 13 that displays only those payment sources of the customer that a payee (here: merchant 5) accepts as a payment source. In these cases, in advance, for example, when the payment data 15 are sent by SMS to the mobile phone 7, a communication between the Switching center 8 and the mobile phone 7 instead, in which the mobile phone 7, the available payment sources are displayed.

The PIN 11 is then encrypted by means of a public key of the switching center 8, and the payment data 15 (which now also include the selection of the payment source) and the encrypted PIN 11 'by means of a stored on the SIM card 12 of the mobile phone 8 private key 16 digitally signed. This digital signing is done with a private signature key 16 of a public-key signature method, which is securely stored on the SIM card 12. This data packet 19 is now transmitted by mobile phone 7 via the mobile network to the switching center 8. There, the received payment data 15 and the PIN 11 'are first checked for authenticity and integrity with the aid of the digital signature by means of the associated public signature key of the mobile telephone 7, and the PIN 11 is used with the private key of the switching center belonging to the public key 8 decrypted. Because the signature is correct, the switching center 8 recognizes that the data packet 19 was not changed during the transmission and actually came from the mobile telephone 7. The PIN 11 allows her to ensure that the purchase was actually made by a customer who is registered in the payment process. On the basis of the payment data 15, the switching center 8 recognizes who the recipient of the money is and which of the available payment sources 9.1, 9.2 the user has selected. In the present example, the credit card that passes through account 14.1 at KI_19.1 has been selected as payment source 14.1. Therefore sends the switching center 8 now on a secure way (eg the Internet Protocols SSL or HTTPS, or a dedicated line (ie not over the Internet)) a message 17 to the bank KI_1, the desired amount of money to the dealer 5, the account of the switching center. 8 is also known to transfer. The credit institution KI_1 now transfers the amount of money to the account 14.3 of the merchant 5 at the credit institution KI_3. Lastly, a confirmation message 18 is sent to the server 4 of the merchant 5 that the payment was successful.

Fig. 2 illustrates the payment in the online shop 3 from the perspective of the customer / user 1 (with SMS) according to the first variant of the invention.

At 20, the customer enters his mobile number for payment in the online shop. At 21, the mobile phone 7 receives in the background via SMS (or e-mail) the relevant payment data 15 from the central office 8. This activates the payment application. The customer 1 now selects one of the payment sources 14.1, 14.2 available to him and confirms the payment by entering his PIN 11. At 22, the merchant 5 receives a confirmation 18 from the exchange 8 about the successful payment and indicates this to the customer 1 ,

Fig. 3 illustrates the complete process of paying a payment in the online shop 3. At 23, the customer goes to the virtual cash register of the online shop 3. At 24, the customer is asked to enter his mobile number in the input form. Alternatively, he may indicate an anonymous identification number, which also uniquely identifies his mobile telephone 7. At 25, the customer gives his mobile number on the website 2 of the online shop 3, which are transmitted to the online shop 3. At 26, the online shop 3 sends the payment data 15 (amount of money, merchant, etc.) and the customer's mobile number to the central office 8. At 27, the central office 8 sends an SMS with the payment data 15 to the customer's mobile 7. At 28, the mobile 7 displays the amount of money, the merchant 5, and available payment sources (here: credit cards). At 29, the customer selects one of the available credit cards on the display of his mobile phone 7 and confirms the payment data 15 by entering a PIN 11 belonging to the switching center 8. Subsequently, the payment data 15 and the encrypted PIN 11 'are digitally signed at 30. The signed data 19 are transmitted from the mobile telephone 7 to the switching center 8. At 31, the central office 8 checks the received data by means of the attached electronic signature and decrypts the PIN 11 '. This is followed by the payment processing with the bank, which belongs to the credit card, which the customer has selected at 29. The credit institution 9.1 transfers the money to the account 14.3 of the dealer. At 32, the display 10 of the mobile phone 7 displays the successful payment.

Fig. 4 refers to a direct payment (eg between private individuals), both of which have a mobile phone 7 and are registered with a switching center 8, according to a second variant of the invention. At 40, the first user indicates the mobile number of the second user on the display 10 of his mobile phone 7 and selects a payment source 14. At 41, the first user confirms the payment data via PIN 11 and the payment is executed. The Amount of money will be deducted from the bank account of the first user 1 and credited to the bank account of the recipient.

Fig. 5 shows a complete expiry of a peer-to-peer payment. At 45, customer 1 enters on his mobile phone 7 the mobile number of the recipient, the amount of money and his from the switching center 8 assigned PIN 11 in his mobile phone 7 a. At 46, the payment data and the PIN are digitally signed in encrypted form with the aid of the private key 16 stored on the SIM card, and the payment data 15 and the PIN 11 are transmitted to the central office 8 by SMS or e-mail (IP connection). At 47, the transmitted data 19 is checked on the basis of the signature and the PIN 11. Payments are made with the credit card company 9 belonging to the selected credit card. At 48 a confirmation message is sent to customer 2 (payee) and at 49 a confirmation is sent to customer 1 (payer).

Fig. 6 shows a flow of a peer-to-cash payment according to a third variant of the invention. At 60, the payer for the peer-to-cash payment indicates the mobile number of the recipient and the amount of money. The payer also selects the credit card he wants to use for payment. At 61, after confirming the payment data and the PIN 11 '(in encrypted form) by entering a PIN belonging to the central office 8 into the mobile 7, the payment is made and the amount of money can be fetched by the recipient. At 62, it is shown how the recipient in a partner store presents the bar code displayed on his mobile phone 7 for that payment. The barcode is scanned in a cash register system with scanner 63 and checked. Thereafter, the amount of money is paid to the recipient.

Fig. 7 shows a complete flow of a peer-to-cash payment according to a third variant of the invention. At 70, a customer enters on his mobile 7 the mobile number of the recipient and the amount to be paid. He also selects a credit card from which the money is to be debited. Then, it confirms the payment by inputting the PIN 11 issued from the exchange center 8. At 71, an electronic signature of the payment data and the encrypted PIN 11 'is performed. The payment data and the encrypted PIN 11 'are transmitted by SMS to the switching center 8. At 72, the electronic signature and PIN (after decryption) 11 are checked. There is a payment transaction via the selected credit institution 9. That is, that the payer is deducted the amount of money from his selected payment source 14. At 73, the central office 8 sends an SMS with the barcode to the payee (customer 2). This sets at 74 the barcode that the display 10 of his mobile phone 7 indicates at the cash register. At 75, a confirmation is sent to the paying partner. At 76, the partner's POS system scans the bar code displayed on the display 10 of the mobile phone and pays the amount of money to customer 2.

Fig. 8 illustrates the payment process at the point of sale from the perspective of the customer according to a fourth variant of the invention. At 80, after activating the payment mode, the mobile phone 7 displays a bar code, via which the Bluetooth identifier of the mobile phone is given to the merchant. From this point on, the communication between mobile phone 7 and merchant 5 is via a Bluetooth connection. At 81, the user in the display 10 of his mobile phone 7 has the option to select one of several payment sources (debit cards, credit cards, etc.). Only the cards that are actually accepted by the dealer are displayed. At 82, the merchant, the amount of money, and the card are displayed. The payment is confirmed by entering the PIN 11. In this case, an encrypted data packet (which can only be decrypted by the switching center 8) is transmitted to the merchant, who forwards this to the switching center 8. At 83, the successful payment is displayed on the display 10 of the mobile phone 7 after the switching center 8 has completed the card payment for the merchant 5.

Fig. 9 illustrates a payment transaction at the point of sale from the perspective of the merchant 5. In order to ensure increased security, the switching center 8 forwards the data directly to the credit institution 9. The dealer himself does not get to see the credit card details at any time. The POS system only forwards an encrypted data packet from the customer's mobile phone 7 to the switching center 8, which can only be decrypted by the switching center 8. At the end, the successful payment is confirmed.

Fig. 10 illustrates a complete process of payment at the POS according to the fourth variant of the invention. At 100, the customer activates the payment mode of his mobile phone 7. Thereupon the mobile phone 7 shows at 101 his Bluetooth identification as a barcode. At 102, the customer holds his mobile 7 to the scanner of the merchant. At 103, the merchant 5 sends the relevant payment data 15 to the mobile phone 7 of the customer. At 104, the mobile 7 displays the amount of money to be paid, the merchant, and the available cards in its display 10. The customer selects at 105 a card and confirms the payment by entering his PIN 11, which he has received from the switching center 8. At 106, the payment data 15 and the PIN 11 are transmitted to the merchant via a Bluetooth connection in encrypted form with signature, readable only by the central office 8. At 10, the merchant 5 forwards the encrypted data to the switching center 8. At 108, the switching center 8 checks the received payment data on the basis of the signature and the PIN. The payment is processed with the credit institution 9. The dealer receives a confirmation of payment at 109 and the mobile phone 7 indicates the successful payment at 110.

Fig. 11 shows a payment process in an online shop from the customer's point of view (without SMS).

This variant of the invention, like variant 1, again refers to a payment method in an online shop 3. At 120, the customer is requested for payment in the online shop 3 to enter his mobile number and a confirmation code. At 121 he enters on the mobile phone 7, the relevant payment data 15 and confirms this by entering his PIN 11. The mobile phone 7 calculates the confirmation code. After entering the own number and the confirmation code confirmed at 122, the switching center 8 the dealer 5 the payment. The payment has been made.

Fig. 12 shows a payment transaction in an online shop (without SMS) with confirmation code.

Since the user can not enter a complete encrypted data package, the SMS-less processing data will be converted by the mobile phone 7 in a tamper-proof confirmation code in the SMS-less processing by the user is entered on the website 2 of the online store 3. The online shop 3 then passes this, together with the payment data 15, which it "claims", to the central office 8, in order to have the payment confirmed.

Fig. 13 is a diagrammatic representation of a computer system that provides the functionality of a switching center 8 according to the invention and therefore is referred to as a "switch center computer system" 8. In the central office computer system 8, a set of commands to cause the computer system 8 to perform the methodologies discussed herein may be executed. The switch center computer system 8 includes a processor 130, a main memory 131 and a network interface device 132 which communicate with each other via a bus 129. Optionally, it may further include a static memory 134 and a drive unit 135. A video display 136, an alphanumeric input device 137 and a cursor control device 138 may form a user interface of the switching center computer system 8. A set of instructions (ie, software) 139 that embodies any or all of the methodologies described above resides wholly or at least partially in or on a machine-readable medium, eg, main memory 131 and / or processor 130. A machine-readable medium upon which the software resides 139 may also be a volume 140 (eg, a non-removable hard drive or an optical or magnetic removable disc) that is part of the drive unit 135. The software 139 may also be transmitted or received as a propagated signal 141 over the Internet via the network interface 132.

The above-described embodiments of the invention allow secure payment by mobile terminals from a plurality of payment sources available to the user.

All publications and existing systems in this specification are incorporated herein by reference.

Although certain methods and apparatus provided in accordance with the teachings of the invention have not been described herein, the scope of this patent is not so limited. On the contrary, this patent covers all embodiments of the teachings of the invention which fall within the scope of the appended claims, either literally or in the meaning of equivalence.

Claims (24)

A method of payment of a cash amount via a mobile terminal including a chip module, comprising: Determining a payment source on the mobile terminal, Confirming payment data comprising the particular payment source by entering an identifier associated with a central office, at least partially electronically signing the payment data and the encrypted identifier by means of a key stored on the chip module, Transmitting the signed payment data and identifier to the central office, and Transmitting a message from the central office to a payment institution belonging to the particular payment source to debit the amount of money from the payment source. The method of claim 1, wherein determining a payment source comprises selecting a payment source from multiple payment sources. A method according to claim 1 or 2, wherein the payment data and the identifier are checked on the basis of the electronic signature in the switching center. Method according to one of the preceding claims, wherein no security-relevant data belonging to the payment source are transmitted. Method according to one of the preceding claims, wherein a user can select only among those payment sources that a payee accepts for a respective payment. Method according to one of the preceding claims, wherein the key stored on the chip module is a private key and the switching center has the associated public key. The method of any one of the preceding claims, further comprising then confirming payment to the recipient by the central office. Method according to one of the preceding claims, wherein the payment source represents an account at a payment institution, in particular a bank or a credit card organization, or a credit card number. Method according to one of the preceding claims, which further comprises before: Transmitting a mobile terminal identifying string to a recipient of the amount of money, and Receive payment data on the mobile device via SMS, Bluetooth, NFC or IP data transmission. The method of claim 9, wherein a recipient of the money is an online store and the identifying string is entered via an input interface of the online store. A method according to claim 9 or 10, wherein a character string identifying the mobile terminal is the telephone number of the user's mobile telephone or an anonymous identification character string. A method according to any one of claims 1 to 8, wherein the mobile terminal is a first mobile terminal, a receiver is a person having a second mobile terminal, and the method further comprises Inputting a character string identifying the second mobile terminal into the first mobile terminal. The method of claim 12, wherein the method further comprises: Received by SMS or IP transmission at the receiver of a visible in the display of the second mobile device, machine-readable pattern, Scanning the pattern by a payee, Pay out the amount of money to the recipient, and Credit the amount of money to the payer. The method of claim 13, wherein the first mobile terminal and the second mobile terminal are identical. The method of one of claims 1 to 8, wherein communicating the signed payment data and the signed encrypted identifier to the central office comprises: Transmitting the signed payment data and the signed, encrypted identifier via a Bluetooth or NFC connection to the recipient, and Transmitting the encrypted data packet from the receiver to the central office. The method of claim 15, further comprising: Activate a payment mode on the mobile device, Displaying a Bluetooth or NFC identifier as a machine readable pattern in the display of the mobile terminal, Scan the pattern through a scanner of the receiver, and Transfer payment data to the mobile device via a Bluetooth or NFC connection. A method of payment of a cash amount via a mobile terminal including a chip module, comprising: Inputting payment data comprising an indication of a payment source and an identifier belonging to a switching center on a mobile terminal, Calculating a confirmation code based on the identifier, the payment data and a time stamp by the mobile terminal, Transmitting the payment data, a character string identifying the mobile terminal and the confirmation code from a payee to the central office, and Submitting a message from the central office to a payment institution belonging to the selected payment source to debit the payment amount from the payment source. The method of claim 17, further comprising then confirming payment to the recipient by the switching center. A computer program, either in the form of a machine-readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code, the program code being adapted to execute a method of payment of a sum of money when stored on a computer running as a switching center, the method comprising: Receiving signed payment data that includes a user-defined payment source, Receiving a signed, encrypted identifier associated with the switch center that has been transmitted from a mobile terminal to confirm the payment data; Checking the payment data and the encrypted identifier based on the electronic signature; Check the decrypted identifier, and Transmitting a message from the central office to a payment institution belonging to the particular payment source to debit the amount of money from the payment source. A computer system for use as a switchboard on which the computer program of claim 19 is installed. A computer program, either in the form of a machine-readable medium having program code stored thereon or in the form of a propagated signal comprising a representation of a program code, the program code being adapted to execute a method of payment of a sum of money when stored on a computer executing a mobile terminal including a chip module, the method comprising: Allow the user to specify a payment source and confirm payment data comprising the selected payment source by entering an identifier associated with the central office; at least partially electronically signing the payment data and the signed, encrypted identifier by means of a key stored on the chip module, and Submitting the signed payment data and ID to the central office. Mobile terminal on which the computer program according to claim 21 is installed. Exchangeable chip module on which the computer program according to claim 21 is stored and which is designed to execute the method. A system for payment of a sum of money, comprising a switching center and a mobile terminal containing a chip module, wherein the mobile terminal is designed: to allow the user to determine a payment source and confirm the payment data comprising the particular payment source by entering an identifier associated with the switching center, at least partially sign the payment data and the encrypted identifier by means of a key stored on the chip module, and to transmit the signed payment data and the signed encrypted identifier to the central office; and wherein the switching center is designed: to transmit a message from the central office to a payment institution belonging to the particular payment source, to debit the amount of money from the payment source.

Images